121 matches found
CVE-2026-47100
Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...
WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Tiago Ventura @perses in WordPress Plugin Funnel Builder by FunnelKit versions <= 3.15.0.2...
EUVD-2026-30936
Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...
CVE-2026-47100 Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX
Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...
CVE-2026-47100
CVE-2026-47100 affects Funnel Builder for WooCommerce Checkout (FunnelKit) prior to version 3.15.0.3. The vulnerability is a missing authorization flaw in the public checkout AJAX flow (update_order_review) that allows an unauthenticated attacker to invoke internal methods and write to the plugin...
PT-2026-41938
Name of the Vulnerable Software and Affected Versions Funnel Builder for WooCommerce Checkout versions prior to 3.15.0.3 Description A missing authorization issue in the public checkout endpoint allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's...
WordPress plugin Funnel Builder for WooCommerce Checkout security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Funnel Builder Flaw Exploited to Enable WooCommerce Checkout Skimming
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week...
PT-2026-41419
Name of the Vulnerable Software and Affected Versions Funnel Builder affected versions not specified Description An SQL injection flaw in the Funnel Builder plugin allows attackers to inject payment skimmers into WooCommerce checkout pages. This issue enables script propagation across all checkou...
VulnCheck KEV: CVE-2026-47100
Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...
WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Funnel Builder by FunnelKit versions <= 3.15.0.1...
CVE-2025-30631
CVE-2025-30631 is a Reflected XSS in AA-Team Woocommerce Sales Funnel Builder and AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer). Affected: Woocommerce Sales Funnel Builder up to version 1.1; Amazon Affiliates Addon for WPBakery Page Builder up to 1.2. Root c...
CVE-2025-30631 WordPress Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) <= 1.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) azon-addon-js-composer allows Reflected XSS. This issue affects Amazon Affiliates Addon for WPBakery Page Builder...
WordPress plugin Woocommerce Sales Funnel Builder cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripti...
WordPress FunnelKit – Funnel Builder for WooCommerce Checkout plugin <= 3.13.1.5 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Marcin Dudek dudekmar - CERT.PL in WordPress Plugin Funnel Builder by FunnelKit versions <= 3.13.1.5...
WordPress plugin FunnelKit - Funnel Builder for WooCommerce Checkout SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plug...
CVE-2025-66067
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman Funnel Builder by FunnelKit funnel-builder allows DOM-Based XSS. This issue affects Funnel Builder by FunnelKit: from n/a through <= 3.13.1.2...